exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 756 discussion

A company is launching a new web application on Amazon EC2 instances. Development and production workloads exist in separate AWS accounts.
According to the company's security requirements, only automated configuration tools are allowed to access the production account. The company's security team wants to receive immediate notification if any manual access to the production AWS account or EC2 instances occurs.
Which combination of actions should a solutions architect take in the production account to meet these requirements? (Choose three.)

  • A. Turn on AWS CloudTrail logs in the application's primary AWS Region. Use Amazon Athena to query the logs for AwsConsoleSignIn events.
  • B. Configure Amazon Simple Email Service (Amazon SES) to send email to the security team when an alarm is activated.
  • C. Deploy EC2 instances in an Auto Scaling group. Configure the launch template to deploy instances without key pairs. Configure Amazon CloudWatch Logs to capture system access logs. Create an Amazon CloudWatch alarm that is based on the logs to detect when a user logs in to an EC2 instance.
  • D. Configure an Amazon Simple Notification Service (Amazon SNS) topic to send a message to the security team when an alarm is activated.
  • E. Turn on AWS CloudTrail logs for all AWS Regions. Configure Amazon CloudWatch alarms to provide an alert when an AwsConsoleSignIn event is detected.
  • F. Deploy EC2 instances in an Auto Scaling group. Configure the launch template to delete the key pair after launch. Configure Amazon CloudWatch Logs for the system access logs. Create an Amazon CloudWatch dashboard to show user logins over time.
Show Suggested Answer Hide Answer
Suggested Answer: CDE 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
iillii
2 years, 9 months ago
C,D,E is right!!
upvoted 4 times
...
AzureDP900
2 years, 12 months ago
C,D,E is right
upvoted 2 times
...
Meghaaaa
2 years, 12 months ago
Why not B?
upvoted 1 times
lingxian
2 years, 6 months ago
SES is a service that helps you send/receive emails, not a service that could subscribe an event.
upvoted 2 times
...
...
cldy
2 years, 12 months ago
C. Deploy EC2 instances in an Auto Scaling group. Configure the launch template to deploy instances without key pairs. Configure Amazon CloudWatch Logs to capture system access logs. Create an Amazon CloudWatch alarm that is based on the logs to detect when a user logs in to an EC2 instance. D. Configure an Amazon Simple Notification Service (Amazon SNS) topic to send a message to the security team when an alarm is activated. E. Turn on AWS CloudTrail logs for all AWS Regions. Configure Amazon CloudWatch alarms to provide an alert when an AwsConsoleSignin event is detected.
upvoted 2 times
...
AzureDP900
3 years ago
C,D,E is correct answer
upvoted 2 times
...
acloudguru
3 years ago
Selected Answer: CDE
F is not right, cloudwatch dashboard does not have such way to meet the requirement
upvoted 2 times
...
Kopa
3 years ago
yep C.D.E
upvoted 2 times
...
andylogan
3 years, 1 month ago
It's C D E
upvoted 2 times
...
tgv
3 years, 1 month ago
CCC DDD EEE ---
upvoted 3 times
...
blackgamer
3 years, 1 month ago
CDE is the answer.
upvoted 1 times
...
Cotter
3 years, 1 month ago
Sure for C,D and E.
upvoted 1 times
...
denccc
3 years, 2 months ago
Also going for CDE
upvoted 1 times
...
pablobairat
3 years, 2 months ago
C,D,E it is
upvoted 3 times
...
pkboy78
3 years, 2 months ago
I think it is C, D and E
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...